If you want to submit a PR with putting Inspection content under shared/checks/inspec, that would be great. We can then look at the content and determine what needs to be done.
On Wednesday, June 20, 2018, Trevor Vaughan <[email protected]> wrote: > I'd like to contribute the checks (they're not remediations) but I'm not > quite sure how to mesh them into the greater structure. Honestly, making > them sub-modules might make more sense lest this beast grow to unmanageable > proportions. > > If you have any ideas after looking at the repo, please let me know! > > Thanks, > > Trevor > > On Wed, Jun 20, 2018 at 5:07 PM Shawn Wells <[email protected]> wrote: > >> >> >> On 6/20/18 5:03 PM, Trevor Vaughan wrote: >> >> Hi All, >> >> As part of delving into InSpec for my CI tests, I decided that I need to >> have some form of baseline to follow. >> >> To that end, our public STIG profile does the following: >> >> 1. Build a system >> 2. Download and compile the SSG >> 3. Run an oscap remediate using the SSG >> 4. Check the system using InSpec >> >> The idea here is that the remediation should get the system to a point >> where the more static OVAL checks that SCAP uses should be used as a low >> water mark for the more dynamic InSpec checks. >> >> I wanted to share the tests in Travis CI in case it helps anyone here >> find issues with the SSG in the future. For instance, some of the profile >> renaming just bit us and makes automating the scans pretty interesting. >> >> Anyway, you can watch the 'System Test' build stage here >> https://travis-ci.org/simp/inspec-profile-disa_stig-el7 that will get >> triggered any time things are updated in the repo and, of course, you can >> also download it and run it locally. >> >> Ideally, these tests will start showing a 100% pass across the board and >> this can serve as some help to the community. >> >> >> Thanks for sharing! Will check it out. >> >> Any intent to contribute your Inspec remediations? Would be great to get >> them folded into SSG! >> _______________________________________________ >> scap-security-guide mailing list -- scap-security-guide@lists. >> fedorahosted.org >> To unsubscribe send an email to scap-security-guide-leave@ >> lists.fedorahosted.org >> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html >> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >> List Archives: https://lists.fedoraproject.org/archives/list/scap- >> [email protected]/message/ >> TE3MXLNZ5VCF4UERYXTNX4CHV6QY7YJA/ >> > > > -- > Trevor Vaughan > Vice President, Onyx Point, Inc > (410) 541-6699 x788 > > -- This account not approved for unencrypted proprietary information -- >
_______________________________________________ scap-security-guide mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected]/message/GPQS54P27X2CW3Y75O4VU42HIYLPDAWA/
